I am afraid that this is not possible in current implementation. My suggestion is to use Traps instead of Syslogs (if possible in your environment):
- Setup traps to devices (instead of syslogs)
- In Trap viewer set action: ”Change the status of an interface”
- Based on the action trigger advanced alert with Custom property condition in Trigger Condition
Parsing would still need to be configured in the trap rules.